CVE-1999-1593

Severity Score

7.6

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when Windows 95/98 clients are used, or if the primary domain controller becomes unavailable.

Windows Internet Naming Service (WINS), permite atacantes remotos provocar una denegación de servicio (pérdida de conexión) o el robo de credenciales a través de una inscripción 1Ch que hace que WINS se cambie de controlador de dominio para apuntar a un servidor malicioso. NOTA: este problema puede estar limitado cuando se usan clientes Windows 95/98, o si el primer controlador de dominio no está disponible.

*Credits: N/A

CVSS Scores

NISTv2 7.6

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-01-14 CVE Reserved
2009-01-15 CVE Published
2024-09-16 CVE Updated
2024-09-16 First Exploit
2024-09-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-59: Improper Link Resolution Before File Access ('Link Following')

CAPEC

References (10)

URL	Tag	Source
http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00371.html	Broken Link
http://seclists.org/bugtraq/2001/Jan/0264.html	Mailing List
http://seclists.org/bugtraq/2001/Jan/0269.html	Mailing List
http://seclists.org/bugtraq/2001/Jan/0271.html	Mailing List
http://seclists.org/bugtraq/2001/Jan/0274.html	Mailing List
http://seclists.org/bugtraq/2001/Jan/0276.html	Mailing List
http://seclists.org/bugtraq/2001/Jan/0289.html	Mailing List
http://seclists.org/bugtraq/2001/Jan/0298.html	Mailing List
http://www.securityfocus.com/bid/2221	Third Party Advisory

URL	Date	SRC
https://www2.sans.org/reading_room/whitepapers/win2k/185.php	2024-09-16

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"		Windows 2000 Search vendor "Microsoft" for product "Windows 2000"				-		-		Affected
Microsoft Search vendor "Microsoft"		Windows 95 Search vendor "Microsoft" for product "Windows 95"				-		-		Affected
Microsoft Search vendor "Microsoft"		Windows 98 Search vendor "Microsoft" for product "Windows 98"				-		-		Affected